Saturday, 21 September 2013

What is Hacking?

By SPRIT OF WHITEHAT -

The Art of exploring various security breaches is termed as Hacking.

Hacker:

Traditionally, a Hacker is someone who likes to play with Software or Electronic Systems. Hackers enjoy Exploring and Learning how Computer systems operate. They love discovering new ways to work electronically.

Recently, Hacker has taken on a new meaning — someone who maliciously breaks into systems for personal gain.

Technically, these criminals are Crackers as Criminal Hackers. Crackers break into systems with malicious intentions.

Types of hackers:

Coders:

The Real Hackers are the Coders, the ones who revise the methods and create tools that are available in the market. Coders can find security holes and weaknesses in software to create their own exploits. These Hackers can use those exploits to develop fully patched and secure systems.

Coders are the programmers who have the ability to find the unique vulnerability in existing software and to create working exploit codes. These are the individuals with a deep understanding of the OSI Layer Model and TCP/IP Stacks.

Admins:

Admins are the computer guys who use the tools and exploits prepared by the coders. They do not develop their own techniques, however they uses the tricks which are already prepared by the coders. They are generally System Administration or Computer Network Controller. Most of the Hackers and security person in this digital world come under this category.

Script kiddies:

Next and the most dangerous class of Hackers is Script kiddies, They are the new generation of users of computer who take advantage of the Hacker tools and documentation available for free on the Internet but don’t have any knowledge of what’s going on behind the scenes. They know just enough to cause you headaches but typically are very sloppy in their actions, leaving all sorts of digital fingerprints behind. Even though these guys are the teenage hackers that you hear about in the news media, they need minimum skills to carry out their attacks.

Ethical Hacking:

Ethical Hacking is testing the resources for a good cause and for the betterment of technology. Technically Ethical Hacking means penetration testing which is focused on Securing and Protecting IT Systems.

Top Indian Hackers and Hacking Groups

By SPRIT OF WHITEHAT -

So here we go...

Today I'd explain some truths and some secret things that probably you haven't heard before.Yes, I am going to reveal/unveil the short introduction of the Indian Hackers and some of the popular Indian hacking groups.

But before that I'd must say those hackers/script kiddies i am talking about they are neither like great hackers nor they have huge popularity in International Cyber World. But as far as India is concerned they are really great and these guys have done enough jobs for our Indian Nation. So I have decided to make a post about those guys because whenever someone searches on Google about Indian hackers, they will find only the 5-6 hackers from India, such as the Indian Professional Hackers/Inventors Like Pranav Mistry, Koushik Dutta, Vivek Ramchandran, Hari Prasad, Jayant Krishnamurthy, and the most controversial Ankit Fadia. We all know these people. Of course they are great and they have become popular through their hard work and extraordinary talent. But what about those guys who are working day and night and fighting Cyber Wars with the countries like Pakistan, Bangladesh, China and many more ???

Even they are not fighting for money or anything else. They are fighting just for their Nation. They are fighting for our India and they are happy with it. But if you look at the above 7 professionals who are so popular and earning huge money just for giving a brief lecture or taking a college seminar. Remember I respect these professionals and they are definitely talented and they have also huge knowledge.

So I am giving a brief description of Indian Hackers and Hacking Communities.

Note: Perhaps Many of the seniors will be disagree with me for using the term "Hacker" with these young guys but here i'm completely describing my own point of view because they are doing for India and we should give proper respect to them and also i'd like to mention that the above professional hackers were also like these people, they have become hackers later and this young guys will become too...

IndiShell:

You all know about this community. Indishell is the most popular and one of the leading hacking group of India also the community known as Indian Cyber Army (ICA). Indishell has total 8 Core members and more than 40 other members. As far as cyber wars are concerned Indishell is the one who attended each and every cyber wars for our Indian Nation. The founder of the Indishell group is LuCky and some core members of this group are...

DarkwOlf, Ashell, Irfninja, Manish, Ebin, Silentpoison, Atul, Inxroot, Cooltoad, RootDevil, Striker, Ethicalnoob, Exesoul, Ramankumar, and some others whom I can't expose publicly without their permission.

I think I don't need to describe about Indishell's achievements. There is a huge list. If I start talking about the sites and history of websites that was hacked by Indishell this page is not enough to complete. So google it..!

TOF (Team Open Fire):

Team OpenFire or OpenFire is one of the leading hacking community not only Indian hackers some of the International hackers also Involved here. CODED32, the founder and the moderator of this group is one of the talented hacker from India.

Here is the name of the core members of team OpenFire. Remember I can't expose the all names of core members here because it might brings up some dis-conveniences later.

CODED, Wiretrap, TRID3NT, Ion, Foxinious, 4g3n7.1337, Olli Muller, John Horder, Cyber Tremmour, K10, HP, COde InjectOr, Lethal Code, Mr.T.Att4ck3r, Scriptionix.

Here I am exposing some achievements of team openFire:

Ebay, Natinal Portal of Bhutan Government, Gmail.com, IBM Research, Sony Pakistan,

LG Electronics Pakistan, Microsoft India and Intel. Such high profile websites were hacked by Team Open Fire.

Team NUTS™ :

Here N U T S stands for Never Underestimate The Spirit. Team NUTS is also one of the most dangerous and well known hacking community of India founded by Mayank Yadav. Yadav is one of the popular guy from Team NUTS and as far as I know, he is a good Photo Graphic Designer too. Specially Team NUTS is focusing on Pakistan. Because Pakistan is the one of the countries who are randomly damaging Indian Cyber Spaces since 4-5 years. So Team NUTS has a great significant for defacing Pakistani websites and they have hacked more then 1000 pakistani website and servers.

Here are three core members of Team NUTS™ : Mayank, Prateek and Yash, and I'd not publish other member names here without their permission.

Team Grey Hat:

Team Grey Hat [TGH] is one of the most hungriest group of Indian Hackers. Lot of high profile websites and government websites were hacked and many important servers were rooted by Team Grey Hat.

So India, Hope I have explained a brief introduction to you about our Young Hackers and the Indian Hacking Communities and groups.

Remember there are two other groups, who are also fighting cyber wars...

So these are the hacking groups of INDIA. Usually they are Black hat Hackers of INDIA. But these young hackers are securing our INDIAN Cyber Spaces and Fighting for our Nation with the other countries.

Precautions for a young hacker

By SPRIT OF WHITEHAT

Friends in this article i will tell you a few precautions you should take before you start hacking... But before that i wanna tell you...

1) How hackers get caught.

First stuff that gives you away are "LOGS". You need to know how events, application, and system logs work. If you don't, you can be easily caught! The shell history will expose your actions.

Another giveaway is leaving a “:wq” in /var/log/messages or binarys.

Your laziness will take you into problems. NEVER HACK FROM HOME..! Take your time, and go to net cafe or anywhere else apart from home. Logs will take you down!

The code that you run on system will take you down. If you compile the code on target, libraries will give you away!

If your victim, notice, that he is maybe hacked, or something is wrong.. He will ask from his ISP for IP logs, and if you don't use VPN, or if you hack from home, they will hunt you down.

Thing, that takes you down 100% is BRAGGING. It is common problem of beginning hackers. They like to brag, to earn respect and reputation but NOT KNOWING that is the matter of minutes, hours may be days when they will be caught.

2) Hiding and Securing you as "Hacker"

Temporary guest accounts, unrestricted proxy servers, buggy Wingate servers, and anonymous accounts can keep hackers carefree.

A young hacker is less likely to know all the little things that an expert hacker might know. Besides, the young hacker may be trying to impress others and get a little careless about covering his tracks. This is why younger hackers are often caught.

An older hacker, on the other hand, will rarely leave any tracks. They know how to use their slave's computers as a tool for a launching place to get into another computer.

There will always be hackers, and there will always be hackers in prison.

* DESTROY LOGS, REMOVE ALL YOUR TRACKS!

How to Destroy Logs?

Choose Start > Control Panel.
Double-click Administrative Tools, and then double-click Event Viewer.
In either pane of the Event Viewer window, right-click System and then select Clear All Events.
To save the current system log, click Yes when Windows returns the message, "Do you want to save 'System' before clearing it?", enter a file name for the saved system log file, and then click Save.

* DO NOT HACK AT HOME! USE VPN THAT SAVES NO LOGS!

Virtual Private Network - VPN

A virtual private network (VPN) extends a private network and the resources contained in the network across public networks like the Internet. It enables a host computer to send and receive data across shared or public networks as if it were a private network with all the functionality, security and management policies of the private network.This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two.

The VPN connection across the Internet is technically a wide area network (WAN) link between the sites but appears to the user as a private network link—hence the name "virtual private network".

Some free VPN Services:

1. ProXPN

2. VPNod

Basic lab setup for a young Hacker

In this tutorial we will discus how you can setup a lab for yourself to practice hacking on your system. At very basic level a hacker is in need of 2-3 systems with a Wired LAN or Wireless LAN. But if you are the one who has started just like me with just one laptop or computer then possibly there's no way you can match this setup. So following was my solution to start practicing with only one laptop or PC meeting above criteria of multiple computers connected in LAN. At most basic level following are your requirements.

Requirements:

1. A Computer (PC/Notebook):

First of all a computer which must have minimum following configuration.

A processor with 1.7GHz clock speed,

120GB + Hard disk

2GB RAM, Please note than your RAM must be above 1GB for practicing. If your RAM is less than 1GB or 1GB I 'll highly recommend you buy 512MB module extra or 1GB gigs for you.

A Virtual PC Emulator:

A virtual PC emulator is needed since I assumed you don't have multiple PC's to setup your lab, even if you have it I would prefer to advice you to use a Virtual PC Emulator. There are several options to pick from but our pick is “Oracle's Virtual Box”.

Reason its open source means free, low on resources, supports all kind of network types, no problem to setupscreen options, it automatically setups resolution once you install guest installation and have nearly all that features that a professional virtual PC emulator may have. Following is download link to virtual box latest version.

DOWNLOAD

A professional choice is VM-Ware. You can purchase it HERE if you want to run it on Mac.

VMware Fusion 3 is available.

Though VM-Ware have several advantages over Virtual Box, virtual box is just good to go. Prefer it if you want to shed money.

An Online Synchronization Service:

If you think even that needs shedding money, then I want to assure there's again a free alternative available, its name is Drop Box. Go to www.dropbox.com and create your personal free account then download its setup file and install for synchronization.

A Static IP Address:

Now that will be problem to get a static IP address since a static IP Address may cost you nearly $100 I.e approximately Rs.5000. But don't worry about it we have a free alternative solution to counter problem of static IP. I have told you in my previous articles how to transform and use a dynamic IP as Static IP.

A PC restore utility:

There are no free alternative to PC Restore Utilities so we will work out on evaluation version. Download Farconics Deep Freeze from following link

DOWNLOAD

IP Address Hiding Utility:

Proxy Servers, Anonymizors and VPS are some IP address hiding options. We will discuss them when their need will come in to play. I have already show you in my previous articles how to stay anonymous online. Check anonymity online in the above menu...

High Speed Internet Connection:

Of course when you want to learn hacking you need a high speed Internet connection. Opt for a USB dongle by BSNL, TATA, Reliance as mobile broadband and BSNL land-line broadband is just much better option. If you don't have high speed connection and you work on slower connection like GPRS and dial-ups its hard to learn hacks done over Internet.

Procedure:

Before you proceed create a separate partition for installation of Virtual system, the partition must be at least 15GB in size. First of all download latest version of Oracle's Virtual Box and install it on your system. While installation it'll ask several times about installing various components just press OK for all of them because you'll need them all.

Once installation is done virtual box will come up with several pop ups when you'll be using it, please read each pop up because they are your tutorials to master “Virtual System Environment”. Please please please, don't skip any of those pop ups. When your installation will be over you'll see virtual system isn't really working in full screen. To tackle it run virtually installed system click on devices and “Install Guest Additions”. From next time it will run in full screen.

Setting up virtual system is done, now jump up to the next part start your virtual system open web browser of virtual system and download Drop-Box application and sign in to it. Now on-wards whenever you'll download any software for hacking paste it into Drop Box default folder, it'll synchronize it with your online storage. After installing and signing up Drop Box download Deep Freeze don't install it now. Shut down your Virtual System and copy virtual hard disk as backup in another folder, start system and install Deep Freeze, before installing it read its online manual so that you should not get problem using it. Now when your Deep Freeze evaluation time expires just delete older hard disk and copy the backup and start over again. This will keep your evaluation copy last forever. If you haven't yet understood what we actually did with virtual box then I should clear we just setup a Virtual LAN for our practice using just a single computer. So you can't now boast you don't have a LAN to practice or a remote host to practice. You can run two virtual systems simultaneously if you have at least 2GB RAM. This not only solves our problem of private LAN to practice but it indirectly also offers you remote host to attack on. i would personal say not to install virtual system on Windows XP or Vista, get Windows 7 or Server 2008.